// NewForConfig creates a new Clientset for the given config. func NewForConfig(c *restclient.Config) (*Clientset, error) { configShallowCopy := *c if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) } var cs Clientset var err error cs.CoreClient, err = internalversioncore.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.AppsClient, err = internalversionapps.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.AuthenticationClient, err = internalversionauthentication.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.AuthorizationClient, err = internalversionauthorization.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.AutoscalingClient, err = internalversionautoscaling.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.BatchClient, err = internalversionbatch.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.CertificatesClient, err = internalversioncertificates.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.ExtensionsClient, err = internalversionextensions.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.PolicyClient, err = internalversionpolicy.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.RbacClient, err = internalversionrbac.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.StorageClient, err = internalversionstorage.NewForConfig(&configShallowCopy) if err != nil { return nil, err } cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) if err != nil { glog.Errorf("failed to create the DiscoveryClient: %v", err) return nil, err } return &cs, nil }
// bootstrapClientCert requests a client cert for kubelet if the kubeconfigPath file does not exist. // The kubeconfig at bootstrapPath is used to request a client certificate from the API server. // On success, a kubeconfig file referencing the generated key and obtained certificate is written to kubeconfigPath. // The certificate and key file are stored in certDir. func bootstrapClientCert(kubeconfigPath string, bootstrapPath string, certDir string, nodeName types.NodeName) error { // Short-circuit if the kubeconfig file already exists. // TODO: inspect the kubeconfig, ensure a rest client can be built from it, verify client cert expiration, etc. _, err := os.Stat(kubeconfigPath) if err == nil { glog.V(2).Infof("Kubeconfig %s exists, skipping bootstrap", kubeconfigPath) return nil } if !os.IsNotExist(err) { glog.Errorf("Error reading kubeconfig %s, skipping bootstrap: %v", kubeconfigPath, err) return err } glog.V(2).Info("Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file") bootstrapClientConfig, err := loadRESTClientConfig(bootstrapPath) if err != nil { return fmt.Errorf("unable to load bootstrap kubeconfig: %v", err) } bootstrapClient, err := unversionedcertificates.NewForConfig(bootstrapClientConfig) if err != nil { return fmt.Errorf("unable to create certificates signing request client: %v", err) } success := false // Get the private key. keyPath, err := filepath.Abs(filepath.Join(certDir, defaultKubeletClientKeyFile)) if err != nil { return fmt.Errorf("unable to build bootstrap key path: %v", err) } keyData, generatedKeyFile, err := loadOrGenerateKeyFile(keyPath) if err != nil { return err } if generatedKeyFile { defer func() { if !success { if err := os.Remove(keyPath); err != nil { glog.Warningf("Cannot clean up the key file %q: %v", keyPath, err) } } }() } // Get the cert. certPath, err := filepath.Abs(filepath.Join(certDir, defaultKubeletClientCertificateFile)) if err != nil { return fmt.Errorf("unable to build bootstrap client cert path: %v", err) } certData, err := csr.RequestNodeCertificate(bootstrapClient.CertificateSigningRequests(), keyData, nodeName) if err != nil { return err } if err := certutil.WriteCert(certPath, certData); err != nil { return err } defer func() { if !success { if err := os.Remove(certPath); err != nil { glog.Warningf("Cannot clean up the cert file %q: %v", certPath, err) } } }() // Get the CA data from the bootstrap client config. caFile, caData := bootstrapClientConfig.CAFile, []byte{} if len(caFile) == 0 { caData = bootstrapClientConfig.CAData } // Build resulting kubeconfig. kubeconfigData := clientcmdapi.Config{ // Define a cluster stanza based on the bootstrap kubeconfig. Clusters: map[string]*clientcmdapi.Cluster{"default-cluster": { Server: bootstrapClientConfig.Host, InsecureSkipTLSVerify: bootstrapClientConfig.Insecure, CertificateAuthority: caFile, CertificateAuthorityData: caData, }}, // Define auth based on the obtained client cert. AuthInfos: map[string]*clientcmdapi.AuthInfo{"default-auth": { ClientCertificate: certPath, ClientKey: keyPath, }}, // Define a context that connects the auth info and cluster, and set it as the default Contexts: map[string]*clientcmdapi.Context{"default-context": { Cluster: "default-cluster", AuthInfo: "default-auth", Namespace: "default", }}, CurrentContext: "default-context", } // Marshal to disk if err := clientcmd.WriteToFile(kubeconfigData, kubeconfigPath); err != nil { return err } success = true return nil }